Linux which groups the user belongs to. How to add a user to a group (or secondary group) in Linux

03.08.2023

Including the Linux OS, with all its numerous shells. This article will help anyone interested in understanding how to add a user to a Linux group, as well as create, edit and delete them. Go!

Groups and users are configured in console mode

Let's start by analyzing the creation procedure. Like everything else, this operation is performed using a special command, which in our case has the following syntax:

Please note that to make such changes to the system, you need root rights. If you don't have them, add "sudo" to the beginning of every command you enter to ensure they run successfully.

This creates a new account. To create it with special settings, you can use certain options (keys); you can see their list below:

If creation with parameters failed, try the following:

The specified line will allow you to view all settings.

The following line will allow you to change these parameters:

To change information and parameters, use the usermod utility. The command will have the following syntax:

You can set or change the password as follows. Enter:

After this, you will need to write the desired password or, if it has already been set, enter the old one, and then the new one.

You also have the option to set a blank password. In this case, the command will look like:

From a security point of view, you should not create a “user” without the appropriate password. However, this is only relevant for administrators of firms and companies. This is not necessary for home use.

To delete use userdel. The syntax in our case will look like:

You can also create groups to which accounts will later be moved. To do this, write:

As in previous cases, you can use special keys to set additional parameters:

Now let's look at how to add the created “user” to the created group. To do this, you need to write the following line:

sudo usermod -aG testgroup vasyapupkin

For those who use not “naked” Linux but its most popular distribution, Ubuntu, we will look at working with accounts through a graphical interface. Initially, Ubuntu does not have the necessary utility to work with them, and all operations are carried out through the command line. However, you can install the necessary utility by typing:

sudo apt-get install gnome-system-tools

Once the installation is complete, you can easily perform the same operations as through the command line. Just go to “Properties”, and there you can add, change and delete them at your discretion.

You can view a list of all created users along with information about them in a special system file - /etc/passwd.

Now you know how to work with users and groups in the Linux operating system. Leave your feedback on this article and ask your questions in the comments.

Creating a new group in the system
With this command you can create a new user group (hereinafter referred to as group) group in system:

Adding a new user to the system
New user user can be added with the command:


He will automatically be placed in a custom group named after him.
To add a user user to an existing group group we write:

With this command, you can add a user to several groups at once. To do this, we list the group names separated by commas.

To add a user to a new group with a name different from the username, do the following:

useradd -g groupname user

This group will be the main one for the user.

Setting a user password
The password for the user user is set with the command:


This command will ask you to enter your password twice. Never leave a user without a password!
Sometimes it is necessary to prevent a user from logging in, for example, if the account only needs access to a network share. To do this, you need to change the file passwd with the following command:

In the password field, I add an asterisk “*” before the password itself (this file is described in more detail at the end of the article). Save the changes and exit with Ctrl+X, then confirm the choice with the Y key. For greater security, this file can be edited with the command vipw. To exit that editor while saving changes, you need to run :wq. To exit without saving changes, write :q, or :q! if any changes have been made.

User information files
The following information is provided for a better understanding of system user creation and fine-tuning. To edit users, in most cases it will be easier to use the command usermod. You can learn more about this command by running

. Usually, the above commands are sufficient to add and edit a user.
All information about system users and groups is stored in the following files:
- /etc/passwd this file contains the entire list of users that the system knows about. Each line of this file describes a user and contains seven fields that contain user information. Fields are separated by colons.
1.
2. Encrypted user password (never leave this field blank);
3. User ID (UID);
4. Group ID (GID);
5. The GECOS field, in which you can specify the user’s full name, work home phone number, place of work, etc.;
6. Path to home directory;
7. Registration shell.

- /etc/shadow Passwords are stored here in encrypted form. This file is readable only by the superuser. Each line corresponds to one user. It contains nine fields separated by colons:
1. User registration name;
2. Encrypted user password;
3. Date the password was last changed;
4. Minimum number of days between password changes;
5. Maximum number of days between password changes;
6. Number of days before warning about password expiration;
7. Number of days until the password expires;
8. Account validity period;
9. A reserved empty field that is not used.
The date fields in this file are filled with the number of days that have passed since January 1, 1970. The first two fields must be filled in!

- /etc/group contains a list of groups and the names of users included in these groups. Similar to the previous files, each line corresponds to one group and has four fields, which are separated by colons:
1. Group name;
2. Encrypted password, or the character x indicating that the gshadow file is used (the password has to be entered when a user joins the group with the newgrp utility);
3. Group ID (GID);
4. A list of members of this group, separated by commas.
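The field layouts above are enough to audit accounts mechanically. The following is an added example, not part of the original article: it reads a passwd file and a shadow file and reports empty password fields, locked accounts (a hash starting with * or !), extra UID 0 accounts and accounts with no shadow line. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow using the field positions described above.

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints "<finding> <user>" lines, in passwd order:
#   empty-password  - shadow field 2 is empty (login without a password)
#   locked          - shadow field 2 starts with * or ! (password login disabled)
#   no-shadow-entry - account listed in passwd but missing from shadow
#   extra-uid0      - UID 0 (passwd field 3) on an account other than root
audit_accounts() {
    awk -F: '
        NR == FNR { hash[$1] = $2; seen[$1] = 1; next }   # first file: shadow
        {
            user = $1
            if (!(user in seen))             print "no-shadow-entry", user
            else if (hash[user] == "")       print "empty-password", user
            else if (hash[user] ~ /^[*!]/)   print "locked", user
            if ($3 == 0 && user != "root")   print "extra-uid0", user
        }
    ' "$2" "$1"
}

# demo_accounts: run the audit on constructed sample files (not real accounts).
demo_accounts() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
guest:x:1002:1002::/home/guest:/bin/sh
toor:x:0:0::/root:/bin/sh
ftpuser:x:1003:1003::/home/ftpuser:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$EXAMPLE$CONSTRUCTEDHASH:19000:0:99999:7:::
sshd:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
toor:$6$EXAMPLE$CONSTRUCTEDHASH:19000:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_accounts
```

On a live system the same function can be run as root with /etc/passwd and /etc/shadow as arguments.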

I touched on the issues of user membership in a group, as well as the fact that users and groups have their own UID and GID. Today I would like to systematize knowledge about the local user base on Linux, how to manage users, and the files responsible for user management.

Linux is a multi-user operating system. Every user in Linux belongs to one primary group and one or more additional groups. In Linux, as in most other operating systems, working with users consists of the following manipulations: adding a user/group, deleting a user/group, and modifying user/group settings. These manipulations are performed using the commands useradd, groupadd, userdel, groupdel, usermod, groupmod, as well as passwd, gpasswd and id. There are also graphical user administration tools; usually they are located in the X shell in the section Administration - Users and Groups.

Features of user management in Linux

Example of adding a user using a shell:

user-add-server:~# groupadd test
user-add-server:~# useradd -c "Test Test" -g test -m test
user-add-server:~# passwd test
Enter the new UNIX password:
Re-enter the new UNIX password:
passwd: password updated successfully
user-add-server:~# id test
uid=1001(test) gid=1001(test) groups=1001(test)
user-add-server:~# ls -ld /home/test/
drwxr-xr-x 2 test test 4096 Dec 16 10:24 /home/test/
user-add-server:~#

In the example, we add a group for the new user (groupadd), then create a new user with the full name Test Test, the primary group test and the login test, then set a password for the user test (passwd test) and check the parameters of the created user (id and the created home directory /home/test/). The listing shows that the UID and GID are greater than 1000. This is the sign of a regular user. Values below 1000 (and on some distributions below 500) indicate a system user.

By convention, system users usually have an id less than 100, and the root user has an id equal to 0. Automatic numbering of regular users starts from the value UID_MIN set in the file /etc/login.defs; this value is usually 500 or 1000.

Besides regular user accounts and the root account, the system usually has several special-purpose accounts for daemons such as FTP, SSH, mail, news, etc. These accounts often manage files, but cannot be used through a regular login. Therefore their login shell is usually defined as /sbin/nologin or /bin/false, so that attempts to log in to the system will fail.

On some systems, the add user command(s) have extended functionality. That is, for example, the useradd command in the Fedora and Red Hat distributions by default creates a new group for a new user and to cancel this function, you must use the -n option. To clarify such questions, you must refer to the distribution documentation.

When a user is deleted, his directory is not deleted. As a result, you can get an interesting situation:

user-add-server:~# userdel test
user-add-server:~# groupdel test
user-add-server:~# ls -ld /home/test/
drwxr-xr-x 2 1001 1001 4096 Dec 16 10:24 /home/test/
user-add-server:~# groupadd test123
user-add-server:~# useradd -c "Test Test" -g test123 -m test123
user-add-server:~# ls -ldn /home/test*
drwxr-xr-x 2 1001 1001 4096 Dec 16 14:30 /home/test
drwxr-xr-x 2 1001 1001 4096 Dec 16 14:29 /home/test123
user-add-server:~# ls -ld /home/test*
drwxr-xr-x 2 test123 test123 4096 Dec 16 10:24 /home/test
drwxr-xr-x 2 test123 test123 4096 Dec 16 14:25 /home/test123
user-add-server:~# passwd test123
Enter new UNIX password:
Re-enter new UNIX password:
passwd: password updated successfully
user-add-server:~# su -l test123
test123@user-add-server:~$ pwd
/home/test123
test123@user-add-server:/home/mc-sim$ ls /home/
mc-sim test test123
test123@user-add-server:~$ cd /home/mc-sim/
test123@user-add-server:/home/mc-sim$ ls -la
total 24
drwxr-xr-x 2 mc-sim mc-sim 4096 Nov 15 12:31 .
drwxr-xr-x 6 root root 4096 Dec 16 14:25 ..
-rw------- 1 mc-sim mc-sim 99 Nov 15 13:45 .bash_history
-rw-r--r-- 1 mc-sim mc-sim 220 Oct 1 17:42 .bash_logout
-rw-r--r-- 1 mc-sim mc-sim 3116 Oct 1 17:42 .bashrc
-rw-r--r-- 1 mc-sim mc-sim 675 Oct 1 17:42 .profile
test123@user-add-server:/home/mc-sim$ rm /home/mc-sim/.bash_logout
rm: delete write-protected regular file `/home/mc-sim/.bash_logout"? y
rm: unable to delete `/home/mc-sim/.bash_logout": Permission denied
test123@user-add-server:/home/mc-sim$ rm /home/test/.bashrc
test123@user-add-server:/home/mc-sim$

In the above example we delete the user and group test created earlier. The user's home directory remains untouched and, as the listing shows, it is still owned by id 1001. Next we create a new user and group with a different name, test123. This user is assigned the UID and GID of the previously existing user test. Comparing the listings of /home/test* with the -n option and without it shows what happened: the directory of the user test is now owned by the user test123, as the owner columns of the listing (test123 test123) tell us. We then log in as test123 and, to check access rights, delete a file in the directory /home/test, and also try to delete a file from the directory of a third user, mc-sim. The first deletion succeeds and the second is denied. This example illustrates well that in Linux everything is tied to identifiers.
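The UID reuse shown above can be detected before a new account inherits someone else's files. The following is an added example, not part of the original article: it compares the numeric owners in `ls -ldn` output with a passwd file and marks each directory as ok, orphan (no account has that UID) or inherited (the UID exists, but the directory is not that account's home). The sample data is constructed; the UID of mc-sim and the olduser directory are assumptions, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: find home directories whose numeric owner no longer matches
# the account database, as in the test / test123 case above.

# audit_owners PASSWD_FILE LISTING_FILE
# LISTING_FILE holds `ls -ldn` lines. Prints "<status> <uid> <path>":
#   ok        - UID exists and the path is that account's home directory
#   orphan    - no account has this UID (the owner was deleted)
#   inherited - UID exists, but the path is not that account's home directory
audit_owners() {
    awk -F: '
        NR == FNR { home[$3] = $6; next }    # first file: passwd, UID -> home
        {
            n = split($0, f, " ")            # second file: whitespace columns
            uid = f[3]; path = f[n]
            sub(/\/$/, "", path)             # ignore a trailing slash
            if (!(uid in home))         status = "orphan"
            else if (home[uid] == path) status = "ok"
            else                        status = "inherited"
            print status, uid, path
        }
    ' "$1" "$2"
}

# demo_owners: constructed state after "test" was deleted and "test123" created.
demo_owners() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mc-sim:x:1000:1000::/home/mc-sim:/bin/bash
test123:x:1001:1001:Test Test:/home/test123:/bin/sh
EOF
    cat > "$dir/listing" <<'EOF'
drwxr-xr-x 2 1000 1000 4096 Nov 15 12:31 /home/mc-sim
drwxr-xr-x 2 1001 1001 4096 Dec 16 14:30 /home/test
drwxr-xr-x 2 1001 1001 4096 Dec 16 14:29 /home/test123
drwxr-xr-x 2 1002 1002 4096 Dec 16 15:00 /home/olduser
EOF
    audit_owners "$dir/passwd" "$dir/listing"
    rm -rf "$dir"
}

demo_owners
```

On a live system, `find` with the `-nouser` and `-nogroup` tests lists files whose owner or group no longer exists, and `userdel -r` removes the home directory together with the account so that nothing is left to inherit.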

Managing user and group databases in Linux

The main files containing information about users and groups are four files in the directory /etc.

/etc/passwd

password file containing basic information about users

/etc/shadow

shadow encrypted password file containing encrypted passwords

/etc/group

groups file containing basic information about groups and users belonging to these groups

/etc/gshadow

shadow groups file containing encrypted group passwords

Editing these files with a regular text editor is strongly discouraged. The files are updated when the above commands are executed, and while they are being changed they are locked and synchronized.

If there is still an urgent need to edit the specified files, then using the command vipw you can safely edit the file /etc/passwd, and using the vigr command it is safe to edit the file /etc/group. These commands lock the necessary files while the changes are being made. If you make changes to the file /etc/passwd, the vipw command will prompt you to check whether the file /etc/shadow also needs to be updated. Similarly, if you update the file /etc/group using the vigr command, you will receive a prompt that you need to update the file /etc/gshadow. If you need to remove group admins, you must use the command vigr, since the command gpasswd only allows you to add administrators.

Please note that in modern systems, the passwd and group files do not store passwords in clear text. This is done for security reasons. The passwd and group files themselves should be readable by everyone, and encrypted passwords should not be readable by everyone. That's why encrypted passwords are stored in shadow files, and these files are only readable by the root user. The necessary access to change authentication data is provided by a suid program, which has root privileges but can be run by any user.

File /etc/passwd

user-add-server:~# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin
test123:x:1001:1001:Test Test:/home/test123:/bin/sh

The /etc/passwd file contains one line for each user on the system. Each line contains seven fields separated by colons (:). The fields are described below using the root user as an example:

Field            Value   Description
Username         root    name used to log in (login)
Password         x       user password (x if the password is encrypted)
User ID (UID)    0       user ID
Group ID (GID)   0       group ID

Original: Linux Fundamentals
Author: Paul Cobbaut
Published date: October 16, 2014
Translation: A. Panin
Translation date: December 23, 2014

Chapter 29. User Groups

System user accounts can be combined within groups. The concept of user groups allows you to set access rights at the user group level instead of setting the same access rights for each individual user.

Every Unix or Linux distribution has a GUI tool for managing user groups. Users who do not have experience with these systems are recommended to use these tools. More experienced users can use command-line tools to manage user accounts, but be careful: some distributions do not allow you to use both GUI and command-line user group management tools (an example is the YaST tool in Novell Suse). Experienced system administrators can directly edit the corresponding files using the vi text editor or the vigr utility.

groupadd utility

User groups can be created using the groupadd utility. The example below shows how to create five groups (without adding users to them).

root@laika:~# groupadd tennis
root@laika:~# groupadd football
root@laika:~# groupadd snooker
root@laika:~# groupadd formula1
root@laika:~# groupadd salsa

group file

Users can belong to several groups. User group membership is defined in the /etc/group file.

root@laika:~# tail -5 /etc/group
tennis:x:1006:
football:x:1007:
snooker:x:1008:
formula1:x:1009:
salsa:x:1010:
root@laika:~#

The first field on the user group description line is the group name. The second field contains the (encrypted) group password (this field can be empty). The third field contains the group identifier or GID value. The fourth field is a list of group members, which in this case is empty because there are no users in the groups.

groups command

A user can run the groups command to view a list of groups to which they belong.

$ groups
harry sports
$

usermod utility

A user's group membership can be changed using the useradd or usermod utility.

root@laika:~# usermod -a -G tennis inge
root@laika:~# usermod -a -G tennis katrien
root@laika:~# usermod -a -G salsa katrien
root@laika:~# usermod -a -G snooker sandra
root@laika:~# usermod -a -G formula1 annelies
root@laika:~# tail -5 /etc/group
tennis:x:1006:inge,katrien
football:x:1007:
snooker:x:1008:sandra
formula1:x:1009:annelies
salsa:x:1010:katrien
root@laika:~#

Use caution when using the usermod utility to add users to groups. By default, the usermod utility will remove the user from all groups in which he was a member if the names of these groups were not passed as part of the command! Using the -a (append) option avoids this behavior.

groupmod utility

You can change the user group name using the groupmod utility.

root@laika:~# groupmod -n darts snooker
root@laika:~# tail -5 /etc/group
tennis:x:1006:inge,katrien
football:x:1007:
formula1:x:1009:annelies
salsa:x:1010:katrien
darts:x:1008:sandra

groupdel utility

You can permanently delete a user group using the groupdel utility.

root@laika:~# groupdel tennis
root@laika:~#

gpasswd utility

You can also delegate control over membership of a specific user group to another user using the gpasswd utility. In the example below, we delegate the rights to add and remove users to the sports group to serena. We then use the su command to add the user harry to the sports group on behalf of the user serena.

# gpasswd -A serena sports
# su - serena
$ id harry
uid=516(harry) gid=520(harry) groups=520(harry)
$ gpasswd -a harry sports
Adding user harry to the group sports
$ id harry
uid=516(harry) gid=520(harry) groups=520(harry),522(sports)
$ tail -1 /etc/group
sports:x:522:serena,venus,harry
$

User group administrators are not required to be members of these groups. They can remove their accounts from the user groups they administer without affecting their ability to add or remove users from those groups.

$ gpasswd -d serena sports
Remove user serena from the sports group
$ exit

Information about user group administrators is stored in the /etc/gshadow file.

# tail -1 /etc/gshadow
sports:!:serena:venus,harry
#

To remove all administrator accounts from a user group, use the gpasswd utility with options to specify an empty list of administrators.

# gpasswd -A "" sports

newgrp utility

You can start a child shell with a new temporary primary user group by using the newgrp command.

root@rhel65:~# mkdir prigroup
root@rhel65:~# cd prigroup/
root@rhel65:~/prigroup# touch standard.txt
root@rhel65:~/prigroup# ls -l
total 0
-rw-r--r--. 1 root root 0 Apr 13 17:49 standard.txt
root@rhel65:~/prigroup# echo $SHLVL
1
root@rhel65:~/prigroup# newgrp tennis
root@rhel65:~/prigroup# echo $SHLVL
2
root@rhel65:~/prigroup# touch newgrp.txt
root@rhel65:~/prigroup# ls -l
total 0
-rw-r--r--. 1 root tennis 0 Apr 13 17:49 newgrp.txt
-rw-r--r--. 1 root root 0 Apr 13 17:49 standard.txt
root@rhel65:~/prigroup# exit
exit
root@rhel65:~/prigroup#

vigr utility

By analogy with the vipw utility, the vigr utility can be used to edit the /etc/group file manually, since it correctly locks this file during the editing process. The text editor vi or the vigr utility should only be used by experienced system administrators to manage user groups.

Practical task: user groups

Correct procedure for completing a practical task: user groups

1. Create user groups tennis, football and sports.

groupadd tennis; groupadd football; groupadd sports

2. Using one command, make the user venus a member of the tennis and sports groups.

usermod -a -G tennis,sports venus

3. Rename the user group football to foot.

groupmod -n foot football

4. Use the vi text editor to add the user serena to the tennis user group.

5. Use the id command to ensure that the user serena is a member of the tennis user group.

id (after logging out and logging in, user serena must be a member of the group)

6. Make one of the users responsible for managing user membership in the foot and sports groups. Check the functionality of the mechanism used.

gpasswd -A (to make the user responsible for managing user group membership)
gpasswd -a (to make the user a member of the user group)
